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Claims : 



1. A packet switching control system for controlling a 
packet switched connection between a subscriber terminal 
5 (1) and an end terminal (5) identified by a connection 
endpoint identification in a communication network (4) , 
comprising: 

storing means for storing a subscriber-specific screening 
list for a plurality of connection endpoint 
10 identifications; and 

control means (7) for performing a screening control of the 
packet switched connection on the basis of a screening 

O parameter corresponding to the connection endpoint 

identification of the end terminal (5) , wherein said 

£ 15 control means (7) belongs to b/ different entity than said 

y storing means . 

O 2. A system according to claim 1, wherein said control 

% means (7) belongs to any entity where a packet session is 

^ 20 activated, while said storing means belongs to a fixed 

^ entity. 

3. A system according to claim 1, wherein the control 
means (7) is arranged to download the subscriber-specific 
25 screening list, when the subscriber terminal (1) activates 
a packet data session. 



4. A system according to claim 3, wherein the control 
means (7) is arranged to download the subscriber-specific 

30 screening list, when a packet is transmitted. 

5 . A system according to claim 3 , wherein the control 
means (7) is arranged to load the subscriber-specific 
screening list from an external server or a location 

35 register (8) during an attach or location update procedure 
or a PDP context activation, and to store the loaded 
screening list in the storing means. 
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6. A system according to claim 5, wherein the subscriber- 
specific screening list comprises a tag indicating whether 
the list contains allowed or denied connection endpoint 
identifications, and wherein the control means (7) is 
arranged to let pass only those data packets transmitted 
from/ to an allowed connection endpoint. 

7 . A system according to claim 3 , wherein the subscriber- 
specific screening list is initialized as an empty list 
which is updated by the control means (7) each time the 
control means (7) receives a data packet with a connection 
endpoint identification not included in the subscriber- 
specific screening list. 

8. A system according to claim 7 , wherein the update of 
the subscriber-specific screening list is performed by an 
inquiry to a service control function which answers to the 
inquiry by transmitting a connection parameter for the 
corresponding connection endpoint identification. 

9. Ksystem according to any one of claims 3 to 8, 
wherein ti^e subscriber-specific screening list is 
propagated to other network elements, if it is has been 
modified by a subscriber . 

10. A system accordiha to any one of the preceding claims, 
wherein said control meahs (7) is a network element and 
arranged to perform packet screening for downlink packets 
in accordance with the subscrife^r-specif ic screening list. 

11. A system according to claim 10, wherein said network 
element (7) is arranged to monitor an uplink traffic 
transmitted from the subscriber terminal (1) via the packet 
switched connection and to command the subscriber terminal 

35 (1) to screen data packets transmitted to an end terminal 

(5) identified as a denied packet destination based on said 
subscriber-specific screening list. 
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12. A system accoisding to claim 10 or 11 , wherein the 
communication network (4) is a General Packet Radio 
Services (GPRS) networlN^nd wherein the network element is 
a Gateway GPRS Support Nocte^GGSN ) (7) . 

5 

13 . A system according to claim 12 , wherein the screening 
list comprises a charging information, and wherein the GGSN 
(7) is arranged to supply the charging information to a 
Serving GPRS Support Node (SGSN) (6) which performs a 

10 charging operation in accordance with the charging 
information . 

14. A system ^^ording to any one of the preceding claims, 
wherein the connection endpoint identification is one of a 

15 PDP address, an IP address, a / subaddress space, a port 
number, a DNS hostname and ps^tocol, a cipherkey or a 
-e^mbtnation of tnese, 

15. A subscriber terminal (1) for controlling a packet 

20 switched connection to an end terminal (5) identified by a 
connection endpoint identification in a communication 
network (4), comprising: 

loading means for loading a subscriber-specific screening 
list; and 

25 control means (7) for performing a packet screening for 

uplink packets on the basis of a screening list parameter 
corresponding to the connection endpoint identification of 
the end terminal (5) • 

30 16. A subscriber terminal according to claim 15, wherein 
said subscriber terminal is a mobile station equipment. 



17 . A packet switching control system for controlling a 
packet switched connection between a subscriber terminal 
35 (1) and an end terminal (5) identified by a connection 
endpoint identification in a communication network (4) , 
comprising: 
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storing means for storing a subscriber- specific screening 
list for a plurality of connection endpoint 

identifications, wherein a detection point information for 
an interrogation of an Intelligent Network (IN) service 
5 control function can be set selectively for a specific 
connection endpoint identification in the subscriber- 
specific screening list; and 

control means (7) for triggering an IN interrogation, when 
a data packet with a connection endpoint identification, 
lo for which a detection point information is set, is 
transmitted via the packet switched connection. 

18. A system according to claim 17, wherein the IN 
interrogation is triggered only for a first data packet 

15 having a new connection endpoint identification marked with 
a detection point. 

19. \ system according to claim 17 or 18, wherein the 
controlVeans (7) is commanded by the service control 

20 function/N^iich has received the IN interrogation, so as to 
replace the\orresponding detection point information by a 
subscriber- spebdf ic screening information, and so to accept 
a data packet or\o reject the data packet in accordance 
with the subscriberXspecif ic screening information. 

25 >v 

20. A system according\o any one of claims 19, wherein 
the service control function which has received the IN 
interrogation provides a mork detailed subscriber-specific 
screening profile to the contrbi means (7) . 

30 

21. A packet switching control method for controlling a 
packet switched connection between a subscriber terminal 

(1) and an end terminal (5) identified by a connection 
endpoint identification in a communication network (4) , 
35 comprising the steps of: 

providing a subscriber-specific screening list for a 
plurality of connection endpoint identifications; and 
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performing a screening control of the packet switched 
connection in another entity on the basis of a screening 
parameter corresponding to the connection endpoint 
identification of the end terminal (5) . 

5 

22. A method according to claim 21, wherein the 
subscriber-specific screening list is loaded from an 
external server or a location register (8) during an attach 
or location update procedure or a PDP context activation. 

10 

23. A method according to claim 21, wherein the 
subscriber-specific screening list is initialized as an 
empty list and updated each time a data packet with a 
connection endpoint identification not included in the 

15 subscriber-specific screening list is received. 

24. "A method according to any one of claims 21 to 23 , 

f urthek comprising the step of propagating the subscriber- 
specificV screening list to other network elements, if it is 
20 has been flfcodified by a subscriber. 

25. A method\according to any one of claims 21 to 24, 
wherein the screening control is performed in a network 
element for downlink packets and in the subscriber terminal 

25 for uplink packets\ 

26. A method according to any one of claims 21 to 24, 
wherein an uplink traffic transmitted from the subscriber 
terminal via the packet switched connection is monitored 

30 and the subscriber terminaPvis commanded to screen data 

packets transmitted to a packet destination identified as a 
denied packet destination basecKon said subscriber-specific 
ff^r^pning 1 ^ gt " \ 

35 27. A method according to claim 18, wherein the screening 
list comprises a charging information. 
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28. A packet switching control method for controlling a 
packet switched connection between a subscriber terminal 
(1) and an end terminal (5) identified by a connection 
endpoint identification in a communication network (4), 
comprising the steps of: 

providing a subscriber- specific screening list for a 
plurality of connection endpoint identifications; 
selectively setting a detection point information for an 
interrogation of an Intelligent Network (IN) service 
control function for a specific connection endpoint 
identification in the subscriber-specific screening list; 
and 

triggering an IN interrogation, when a data packet with a 
connection endpoint identification, for which a detection 
point information is set, is transmitted via the packet 
switched connection. 



